[Dovecot] Authentication and the wrong mailbox?

Timo Sirainen tss at iki.fi
Sat Apr 9 21:24:12 EEST 2005


Perhaps these will help in future:

https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154314
https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=154315

On 9.4.2005, at 19:00, Josh Burley wrote:

> We had the same problem when we converted.
>
> What version of dovecot are you using? What are you authenticating 
> against? LDAP?
>
> I had been authenticating via nss to LDAP. I switched to the LDAP 
> native authentication and have not had the problem since.
>
> Rich West wrote:
>
>> I just migrated from UW-imap to dovecot last night.  After some 
>> tweaking of the dovecot.conf file, disabling xinetd's entries, firing 
>> up the dovecot daemon, and copying the .mailboxlist to .subscriptions 
>> for all users, things looked to be going just fine!
>>
>> I received a call this morning from a user stating that they had all 
>> of *my* emails in *their* inbox!  They don't know when it happened as 
>> their machine POP's email off every 5-10 minutes or so, but we were 
>> able to isolate it to a 8hr period last night.
>>
>> Further investigation showed that at some time through the evening, 
>> dovecot freaked out during the authentication phase and for some 
>> bizzare reason, when the user connected via POP3, they were able to 
>> download all of my inbox!
>>
>> Additionally, by the time I was looking in to it, NO users could 
>> authenticate via dovecot, and, hence, no one had access to email.
>>
>> Restarting dovecot resolved the issue, but I have my doubts about it 
>> being truly resolved.
>>
>> I'm going to run some tests (what little I can think of), but this is 
>> the first time I have ever experienced a situation such as this.  One 
>> thing for UW is that this situation never happened, and I've only had 
>> dovecot running for about 13hrs.
>>
>> Any ideas as to how or why this may have happened, and how it can be 
>> prevented, would be wonderful.
>>
>> -Rich
>>
>>
>>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: PGP.sig
Type: application/pgp-signature
Size: 186 bytes
Desc: This is a digitally signed message part
URL: <http://dovecot.org/pipermail/dovecot/attachments/20050409/62cfac62/attachment-0001.bin>


More information about the dovecot mailing list